Asad

Reputation: 21

Trying to safely use the exec function of PHP to run a Python script on a server

Referring to a comment from someone on the question here:

While it is possible to make the script commands safe, a common attack vector is to upload a malicious script and use exec and similar functions to hack the server. As such, many shared hosting environments disable this and any other function that can run a shell argument.

Is this true? Is my server at risk of being attacked simply because I enable the PHP scripts to run the exec() method?

What can I do to prevent hackers from uploading files on my server? Or are there any other countermeasures that allow me to use the exec method safely?

Upvotes: 0

Views: 117

Answers (1)

Sxribe

Reputation: 815

As long as you don't have a method for allowing users to upload files, you should be fine.

The way hackers would do this is by uploading a .php file with a malicious exec(), then opening the file via a web browser, thus executing the PHP code in the file, along with the exec() method.

Upvotes: 1
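
For the use case in the question, an added example (not code from the question or the answer) of calling exec() with a hard-coded interpreter and script and a single validated, escaped argument. The paths, the `run_report` name and the report-id format are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical paths (assumptions): both sit outside the web root and are
// hard-coded, so no request data ever chooses what program or script runs.
const PYTHON_BIN  = '/usr/bin/python3';
const SCRIPT_PATH = '/opt/app/scripts/report.py';

/**
 * Run the fixed Python script with one user-supplied argument.
 * Returns the script's output lines; throws on bad input or a failed run.
 */
function run_report(string $reportId): array
{
    // Allow-list check: 1-32 chars, must start with a letter or digit so the
    // value can never be read as a command-line option by the script.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,31}\z/', $reportId)) {
        throw new InvalidArgumentException('Rejected report id');
    }

    // escapeshellarg() quotes each part so the shell sees exactly three words.
    $command = implode(' ', array_map('escapeshellarg', [PYTHON_BIN, SCRIPT_PATH, $reportId]));

    $output = [];
    $exitCode = 0;
    exec($command . ' 2>&1', $output, $exitCode);
    if ($exitCode !== 0) {
        throw new RuntimeException("Script exited with status $exitCode");
    }
    return $output;
}

// Constructed sample inputs: the second one carries shell metacharacters and
// is rejected before any command string is built.
foreach (['report_2024', 'x; echo injected'] as $input) {
    try {
        echo implode("\n", run_report($input)), "\n";
    } catch (Exception $e) {
        // Without the hypothetical script installed, the first input lands here too.
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```

Validation and escaping only protect the command line that this code builds. The upload vector described in the answer is a separate matter of keeping user-supplied files out of any directory where the web server executes PHP.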
